Microsoft Exchange and Active Directory Blog
It's been a while since I published an article here about Exchange Server and Let's Encrypt certificates. In the meantime, things have changed a bit and I'm getting a lot of requests on the topic, so I'm writing a new article. As you know, Let's Encrypt is a public certification authority, ... Read more
A reader, who wishes to remain anonymous, has kindly sent me his scripts and configuration for Let's Encrypt, HAProxy and Exchange 2019 in conjunction with Extended Protection so that I can publish them here. First of all, I would like to thank you very much, because I think this configuration (HAProxy as a reverse proxy for Exchange, certificates via Let's ... Read more
I have just uploaded a new version of the Exchange Certificate Assistant. The old version still uses the Let's Encrypt protocol ACMEv1, which is no longer supported by Let's Encrypt. The new version 3 of the Certificate Assistant now uses the PowerShell module Posh-ACME to automatically request certificates for Exchange Server via Let's Encrypt. Posh-ACME is ACMEv2 ... Read more
Sophos UTM can now automatically request and renew certificates from Let's Encrypt. This function is particularly useful for web server protection (WAF). The certificate for the various WAF services is thus managed by the UTM and renewed accordingly before it expires. I have already received several requests from people who would like to use the ... Read more
Sophos UTM 9.6 now also offers the long-awaited support for free Let's Encrypt certificates. Although the UTM only supports the ACMEv1 protocol and therefore cannot request wildcard certificates, SAN certificates with up to 100 DNS names can be requested automatically. Brief overview of Let's Encrypt Let's Encrypt is a certification authority (CA) that ... Read more
I can now announce that the current version of the Certificate Assistant for Let's Encrypüt now also supports Exchange 2010 and Server 2008 R2. I have updated the download again and there are now 3 versions of the script included: So the following operating systems are now supported: Windows Server 2008 R2 Windows Server 2012 R2 Windows ... Read more
Last Monday I published a revised version of the Exchange Certificate Assistant. The last version previously only supported Exchange 2016 on Windows Server 2016. The current version now also supports Windows Server 2012 R2 and Exchange 2013. Also new is the possibility to send the notification mails with authentication on the SMTP server. In addition, ... Read more
On February 6, 2017, I published the first version of the certificate wizard for Exchange 2016 and Let's Encrypt. The certificate wizard simplifies the process of requesting, renewing and installing an SSL certificate for Exchange 2016. Now, thanks to Bjoern, there is a new version. Bjoern has taken the trouble to make some changes so that the certificate wizard also works with Exchange 2010 and ... Read more
Let's Encrypt announced today that free wildcard certificates will also be issued from January 2018. Wildcard certificates (e.g. *.frankysweb.de) can be used to secure an entire domain via SSL with one certificate. With other certification authorities, wildcard certificates cost quite a bit of money, the cheapest wildcard certificate I know so far is just under 280 EUR for ... Read more
OPNSense is a fork of the well-known open source firewall PFSense, I personally like OPNSense better, the GUI is tidier, there is a REST api and the most important plug-ins are also available. As there is a plugin for HAProxy and also for Let's Encrypt for OPNSense, I have started testing this combination in conjunction with Exchange 2016. OPNSense ... Read more
